196,011 research outputs found
Introduction to the special issue on security and privacy for connected cyber-physical systems
A Survey on the Security of Stateful SDN Data Planes
Software-defined networking (SDN) emerged as an attempt to introduce network innovations faster, and to radically simplify and automate the management of large networks. SDN traditionally leverages OpenFlow as device-level abstraction. Since OpenFlow permits the programmer to "just" abstract a static flow-table, any stateful control and processing intelligence is necessarily delegated to the network controller. Motivated by the latency and signaling overhead that comes along with such a two-tiered SDN programming model, in the last couple of years several works have proposed innovative switch-level (data plane) programming abstractions capable to deploy some smartness directly inside the network switches, e.g., in the form of localized stateful flow processing. Furthermore, the possible inclusion of states and state maintenance primitives inside the switches is currently being debated in the OpenFlow standardization community itself. In this paper, after having provided the reader with a background on such emerging stateful SDN data plane proposals, we focus our attention on the security implications that data plane programmability brings about. Also via the identification of potential attack scenarios, we specifically highlight possible vulnerabilities specific to stateful in-switch processing (including denial of service and saturation attacks), which we believe should be carefully taken into consideration in the ongoing design of current and future proposals for stateful SDN data planes
Collective Remote Attestation at the Internet of Things Scale: State-of-the-art and Future Challenges
In recent years, the booming of Internet of Things (IoT) has populated the world with billions of smart devices that implement novel services and applications. The potential for cyberattacks on IoT systems have called for new solutions from the research community. Remote attestation is a widely used technique that allows a verifier to identify software compromise on a remote platform (called prover). Traditional challenge-response remote attestation protocols between the verifier and a single prover face a severe scalability challenge when they are applied to large scale IoT systems. To tackle this issue, recently researchers have started developing attestation schemes, which we refer to as Collective Remote Attestation (CRA) schemes, that are capable of remotely performing attestation of large networks of IoT devices. In this paper, after providing the reader with a background on remote attestation, we survey and analyze existing CRA schemes. We present an analysis of their advantages and disadvantages, as well as of their effectiveness against a reference attacker model. We focus our attention on CRA schemes' characteristics and adversarial mitigation capabilities. We finally highlight open research issues and give possible directions for mitigating both the limitations of existing schemes, and new emerging challenges. We believe this work can help guiding the design of current and future proposals for CRA
Perindopril/Ambrosin Combination Mitigates Dextran Sulfate Sodium-Induced Colitis in Mice: Crosstalk between Toll-Like Receptor 4, the Pro-Inflammatory Pathways, and SIRT1/PPAR-γ Signaling
Colitis is one of the inflammatory states that affect the intestinal wall and may even predispose to malignancy due to chronic irritation. Although the etiology of colitis is not yet fully explored, a combination of genetic and environmental factors is strongly incriminated. Perindopril is an angiotensin-converting enzyme inhibitor that is used for the management of a wide range of cardiovascular diseases. Ambrosin is a sesquiterpene lactone that was proven to have beneficial effects in disorders characterized by inflammatory nature. The objective of this study is to make a comparison between the effects of perindopril or ambrosin on dextran sulfate sodium (DSS)-induced colitis in mice and to explore the effect of their combination. The present findings indicate that each ambrosin or perindopril alone or in combination is able to ameliorate oxidative stress and suppress the proinflammatory pathways in the colonic tissues of DSS-treated mice via mechanisms related to toll-like receptor 4/nuclear factor kappa B signaling and modulation of peroxisome proliferator-activated receptor gamma/sirtuin-1 levels. In addition, each ambrosin or perindopril alone or in combination inhibits apoptosis and augments the mediators of autophagy in DSS-treated mice. These effects are reflected in the amelioration of the histopathological and electron microscopic changes in the colonic tissues. Interestingly, the most remarkable effects are those encountered with the perindopril/ambrosin combination compared to the groups treated with each of these agents alone. In conclusion, the perindopril/ambrosin combination might represent an effective modality for mitigation of the pathogenic events and the clinical sequelae of colitis
Mating system and alternative male mating tactics in the grass goby Zosterisessor ophiocephalus (Teleostei: Gobiidae)
Peculiar fertilization dynamics, with males releasing sperm in mucous trails lasting several hours, characterize some demersal spawning fish. The mating system was investigated in a natural population of one of these species: the grass goby Zosterisessor ophiocephalus (Pallas, 1814), a large coastal goby inhabiting seagrass meadows in shallow brackish water. Adult males ranged in size from 7.4 to 23 cm total length, but only larger ones were observed to dig and defend a burrow, where they performed parental care on eggs laid by one to several females. Field observations together with analyses of age, sperm production, trail sperm content and sperm competition tests indicated the occurrence of alternative male mating tactics, likely the expression of an ontogenetic gradient. Larger males are older than smaller ones, and while the former are territorial, the latter “sneak” territorial male spawns. The ejaculate characteristics indicate that grass goby males have functionally polymorphic spawns: in fact sperm trails of larger males last longer and release fewer sperm than those of smaller males. Sperm production over several days is more constant in larger than in smaller males, but the total number of sperm released is higher in the latter. The influence of seminal fluid in the functional intraspecific variability in sperm release in this species is discussed
ABAKA: A novel attribute-based k-anonymous collaborative solution for LBSs
The increasing use of mobile devices, along with advances in telecommunication systems, increased the popularity of Location-Based Services (LBSs). In LBSs, users share their exact location with a potentially untrusted Location-Based Service Provider (LBSP). In such a scenario, user privacy becomes a major con- cern: the knowledge about user location may lead to her identification as well as a continuous tracing of her position. Researchers proposed several approaches to preserve users’ location privacy. They also showed that hiding the location of an LBS user is not enough to guarantee her privacy, i.e., user’s pro- file attributes or background knowledge of an attacker may reveal the user’s identity. In this paper we propose ABAKA, a novel collaborative approach that provides identity privacy for LBS users considering users’ profile attributes. In particular, our solution guarantees p -sensitive k -anonymity for the user that sends an LBS request to the LBSP. ABAKA computes a cloaked area by collaborative multi-hop forwarding of the LBS query, and using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We ran a thorough set of experiments to evaluate our solution: the results confirm the feasibility and efficiency of our proposal
Smartphone and Laptop Frameworks for vehicular networking experimentation
Testing Vehicular Network protocols can be quite problematic. In fact, vehicular experiments are often expensive in both economic and temporal terms. As a consequence, researchers generally resort to software simulations which are a neccessary first step but still not sufficient. In this paper, we present two possible experimentation frameworks that could give a boost to the testing of protocols for vehicular networks: the first framework is based on Android smartphones, while the second is based on commodity laptop computers. In order to assess the feasibility and the performance of the proposed frameworks, we implemented through them a representative vehicle-to-vehicle multi-hop broadcast algorithm, i.e., the Fast Broadcast algorithm. © 2013 IEEE
PADS: Practical Attestation for Highly Dynamic Swarm Topologies
Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performances of such protocols are unsatisfactory when dealing with thousands of smart devices. Recently, researchers are focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices, and highly unstructured networks
On the Feasibility of Attribute-Based Encryption on Internet of Things Devices.
Attribute-based encryption (ABE) could be an effective cryptographic tool for the secure management of Internet of Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry pi 1 model B, and Raspberry pi zero, and concludes that adopting ABE in the IoT is indeed feasible
- …
